Installation and Fix of i2p inside Whonix-Workstation by Default

1 Like

How is 15.0.0.8.7? Does it work for you? For me only partially. I sudo apt install --no-install-recommends i2p i2p-router privoxy. Then started i2pbrowser from command line and opened http://127.0.0.1:7657. Web interface was functional but clicking any i2p domains failed with a privoxy error message. Expected?

1 Like

Takes time for the router to integrate. eepsite connections are a wash. Some work sometimes, then don’t. Could be poor perf parameters we have or the network is overloaded.

@Thinkablemellow can you please come up with optimal bandwidth settings?

1 Like

yes, but i think the main issue is startup time and tunnel length.
I guess the notification from my old setup would also be handy here, so People know when the Router is ready ?

Did you wait 10-15min? I2P takes some time

2 Likes

Reworded I2P local browser welcome page.

Please review.

No.

Ok, will try.

Yes. Patches welcome.

2 Likes

There is currently 1 blocker for installing I2P by default in Whonix-Workstation.
Currently I2P (usual systemd unit file) is automatically started for users who upgrade from Whonix developers repository. And I don’t think we want to make all of Whonix users briefly connect to I2P during upgrade until next reboot for security reasons. I2P start was supposed to be opt-in, not default.

Autostart of privoxy and i2p systemd unit files gets disabled in anon-apps-config /lib/systemd/system-preset/50-anon-apps-config.preset, yes, but that package gets installed only after the i2p package is installed during the upgrade process. [1]

This could be handled in next release upgrade Whonix 15 buster → Whonix 16 bullsyee.


[1] That config file /lib/systemd/system-preset/50-anon-apps-config.preset is functional. It works for privoxy non-autostart but not for i2p non-autostart. It depends on the order in which packages are installed. Both, i2p and privoxy will not be autostarted after reboot.


1 Like
1 Like

Bug: i2pbrowser does not show i2p local browser homepage.

To debug, I have edited /usr/share/tb-profile-i2p/start-i2p-browser to add

#!/usr/bin/env bash

set -x
true "TOR_DEFAULT_HOMEPAGE: $TOR_DEFAULT_HOMEPAGE"

and saw that variable TOR_DEFAULT_HOMEPAGE is correctly set to /usr/share/homepage/i2pbrowser/i2p-diffs.html.

Opening /usr/share/homepage/i2pbrowser/i2p-diffs.html in i2pbrowser is also functional.

Therefore I am clueless why i2p local browser homepage does not open.

Might or might not be related:


tb-starter /usr/share/tb-profile-i2p/start-i2p-browser

  • What is the purpose of it?
  • Is it really needed?
  • If not needed: Removed please (plus /usr/bin/torbrowser integration.
  • If needed: please forward port changes to ~/.tb/tor-browser/Browser/start-tor-browser (changes by Tor Project, not me) to /usr/share/tb-profile-i2p/start-i2p-browser since their changes might be needed. There should not be any unexplained difference.
2 Likes

yeah this is no good for an opt-in, on the other hand is it really that bad to connect to i2p briefly? its trough Tor anyway. Obviously your call.

Sounds good to me, i dont think there is any rush for this, people who want to use it now can use the wiki to do so.

Looking in to it

roger that

2 Likes

Thinkablemellow via Whonix Forum:

yeah this is no good for an opt-in, on the other hand is it really that bad to connect to i2p briefly? its trough Tor anyway. Obviously your call.

It would make all of Whonix users vulnerable to the attack surface
provided by I2P. I am not saying I2P has any remote exploitable
vulnerabilities but just from a security theoretic perspective it ought
to be avoided to expose all users to that risk even though they might
not be interested in I2P at all.

2 Likes

Is it an I2P setting? If trivial to add let’s do it.

1 Like

Sadly no

Not trivial but also not complicated if we use i2pcontrol, i’ll look what i can do

Another Issue we have to address is the old Version in the Debian Repos, its nonsensical to add an old version to whonix by default.
So this should also be a blocker for the inclusion.

I tested this Setup and can confirm that its working (i waited 15-20min) and also have the same issues with i2pbrowser Patrick has, still looking into that.

1 Like

“added in alternate profile and alternate profile launcher”
it is another launcher which like the i2pbrowser script doesn’t work (anymore), i played around with it but nothing works and every change is ignored by tbb, so there has to be something that changed.
I also remember an open-link-confirmation dialog when i last tried i2pbrowser, so something definitely changed.
I still haven’t figured out what though anyone else any idea?

just to note one thing about TB changes (unrelated to this case): before
when you tested TB with I2P Torbutton was a plugin within the browser,
now its built-in within the browser. So i dont know how to isolate Tor
from the browser if its based on vanilla TB (maybe disabling it through
about:config?..).

Thinkablemellow via Whonix Forum:

1 Like

Could be but nothing indicates that Torbutton is involved since we get a successful i2p proxy, which wouldn’t work if Torbutton was involved (that was an old Issue we had in the GW Thread)

@HulaHoop
Whats the reason for : user_pref("browser.startup.homepage", "about:blank"); in /usr/share/tb-profile-i2p/profile.i2p/user.js ?

I removed that setting but still get the blank page, no matter how or when i set the hompage it always gets ignored, the only way i could make i2pbrowser open that i2p-diffs.html is by opening it directly like Patrick posted above.

Can we use a simple workaround in /usr/bin/i2pbrowser for that?:

if [ $# -lt 1 ]
then
     torbrowser /usr/share/homepage/i2pbrowser/i2p-diffs.html
else
    torbrowser "$@"
fi

?

Has anybody tested if Secbrowser is working with its custom Homepage?

Thinkablemellow via Whonix Forum:

Whats the reason for : user_pref("browser.startup.homepage", "about:blank"); in /usr/share/tb-profile-i2p/profile.i2p/user.js ?

Once that was ever set it might not be easy to revert without creating a
new browser profile. Delete ~/.i2p folder if no data to preserve there
and try again.

Thinkablemellow via Whonix Forum:

Can we use a simple workaround in /usr/bin/i2pbrowser for that?:

if [ $# -lt 1 ]
then
     torbrowser /usr/share/homepage/i2pbrowser/i2p-diffs.html
else
    torbrowser "$@"
fi

?

Not good. Irrc in past passing a link that way had broken security slider.

Also understanding root causes is better than piling up workarounds on top.

1 Like

ah thanks, that did the job

1 Like

It’s not one of the things I set, but I think it was done to avoid displaying the original TBB landing page?

1 Like

Thinkablemellow via Whonix Forum:

ah thanks, that did the job
change console Page to /home by Thinkablemell0w · Pull Request #12 · Kicksecure/tb-starter · GitHub
remove blank homepage setting by Thinkablemell0w · Pull Request #11 · Kicksecure/tb-starter · GitHub

Merged.

Why /home why not “nothing”? Would “plain” http://127.0.0.1:7657 be
better?

The static I2P version in stable is not set in stone. We can revert the auto updater disabling they’ve done in Debian, but I want to know the Debian devs’ reason for doing it in the first place. @Thinkablemellow @nurmagoz can you get in touch with the Debian devs and ask them why they’ve turned the updater off?